Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Colette (administrator) on COLETTE-PC on 11-12-2014 16:31:00
Running from C:\Users\Colette\Downloads
Loaded Profile: Colette (Available profiles: Colette)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Colette\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(Akamai Technologies, Inc.) C:\Users\Colette\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Thisisu) C:\Users\Colette\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Colette\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2291535583-3327991140-731123306-1000 -> {80B22FBC-5A92-4794-82F0-C597880033F8} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @nsroblox.roblox.com/launcher -> C:\Users\Colette\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Colette\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Colette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: LastPass - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\Extensions\support@lastpass.com [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-07]
FF Extension: No Name - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [Not Found]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MapsGalaxy Installer Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Colette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Colette\AppData\Local\Roblox\Versions\version-e51d9fbd5a3e49c4\\NPRobloxProxy.dll No File
CHR Plugin: (SOE Web Installer) - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Google Search) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Mickey Sketch Theme) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmaadlipkibabccamkbjjaklifnohhp [2013-11-29]
CHR Extension: (AirMech) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn [2013-12-14]
CHR Extension: (Google Wallet) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-08] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-11] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 16:31 - 2014-12-11 16:31 - 00016353 _____ () C:\Users\Colette\Downloads\FRST.txt
2014-12-11 16:30 - 2014-12-11 16:31 - 00000000 ____D () C:\FRST
2014-12-11 16:30 - 2014-12-11 16:30 - 02119680 _____ (Farbar) C:\Users\Colette\Downloads\FRST64.exe
2014-12-11 16:29 - 2014-12-11 16:29 - 00001273 _____ () C:\Users\Colette\Desktop\JRT.txt
2014-12-11 16:24 - 2014-12-11 16:24 - 01707646 _____ (Thisisu) C:\Users\Colette\Downloads\JRT.exe
2014-12-11 16:24 - 2014-12-11 16:24 - 00000000 ____D () C:\Windows\ERUNT
2014-12-11 16:17 - 2014-12-11 16:18 - 00000000 ____D () C:\AdwCleaner
2014-12-11 16:16 - 2014-12-11 16:16 - 02166272 _____ () C:\Users\Colette\Downloads\adwcleaner_4.105.exe
2014-12-11 16:01 - 2014-12-11 16:01 - 00019855 _____ () C:\ComboFix.txt
2014-12-11 15:45 - 2014-12-11 16:01 - 00000000 ____D () C:\Qoobox
2014-12-11 15:45 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 15:45 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 15:45 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 15:44 - 2014-12-11 15:59 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 15:43 - 2014-12-11 15:43 - 05600944 ____R (Swearware) C:\Users\Colette\Downloads\ComboFix.exe
2014-12-11 15:30 - 2014-12-11 15:31 - 224228576 _____ (NVIDIA Corporation) C:\Users\Colette\Downloads\340.52-desktop-win8-win7-winvista-64bit-english-whql(3).exe
2014-12-11 15:25 - 2014-12-11 15:25 - 00872816 _____ (Microsoft Corporation) C:\Users\Colette\Downloads\WindowsXP-KB975337-x86-ENU.exe
2014-12-11 15:25 - 2014-12-11 15:25 - 00000000 ____D () C:\Users\Colette\Downloads\idw
2014-12-11 15:25 - 2014-12-11 15:25 - 00000000 ____D () C:\Users\Colette\Downloads\asms
2014-12-11 14:53 - 2014-12-11 14:53 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Colette\Downloads\mbar-1.08.2.1001(1).exe
2014-12-10 22:51 - 2014-12-11 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-10 22:50 - 2014-12-11 15:17 - 00000000 ____D () C:\Users\Colette\Desktop\mbar
2014-12-10 22:50 - 2014-12-10 22:50 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Colette\Downloads\mbar-1.08.2.1001.exe
2014-12-10 22:48 - 2014-12-10 22:48 - 00000000 ____D () C:\Users\Colette\Desktop\scans
2014-12-10 22:02 - 2014-12-11 15:25 - 00000000 ____D () C:\Users\Colette\AppData\Local\CrashDumps
2014-12-10 21:41 - 2014-12-11 01:31 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-10 21:41 - 2014-12-10 21:41 - 15201368 _____ () C:\Users\Colette\Downloads\RogueKiller.exe
2014-12-10 21:41 - 2014-12-10 21:41 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\oliol.sys
2014-12-10 21:41 - 2014-12-10 21:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-10 20:10 - 2014-12-10 20:10 - 00040371 _____ () C:\Users\Colette\Desktop\attach.txt
2014-12-10 20:10 - 2014-12-10 20:10 - 00017674 _____ () C:\Users\Colette\Desktop\dds.txt
2014-12-10 20:08 - 2014-12-10 20:08 - 00688992 ____R (Swearware) C:\Users\Colette\Downloads\dds.com
2014-12-10 19:50 - 2014-12-10 19:50 - 01111040 _____ (Farbar) C:\Users\Colette\Downloads\FRST.exe
2014-12-10 18:23 - 2014-12-11 14:55 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 18:23 - 2014-12-11 14:55 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-10 18:23 - 2014-12-10 18:23 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 18:23 - 2014-12-10 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 18:23 - 2014-12-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 18:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 18:22 - 2014-12-10 18:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Colette\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 07:09 - 2014-11-03 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:09 - 2014-11-03 16:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:08 - 2014-11-06 17:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:08 - 2014-11-06 17:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:06 - 2014-12-02 18:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 07:06 - 2014-12-02 17:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-07 14:13 - 2014-12-07 14:17 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Curse Advertising
2014-12-07 14:13 - 2014-12-07 14:13 - 00000000 ____D () C:\Users\Colette\Documents\My Curse
2014-12-07 14:12 - 2014-12-11 16:01 - 00000000 ____D () C:\Users\Colette\AppData\Local\Apps\2.0
2014-12-07 14:12 - 2014-12-10 21:29 - 00000000 ____D () C:\Users\Colette\AppData\Local\Deployment
2014-12-07 14:12 - 2014-12-07 14:12 - 00000318 _____ () C:\Users\Colette\Desktop\Curse Client.appref-ms
2014-12-07 14:12 - 2014-12-07 14:12 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-12-07 14:11 - 2014-12-07 14:11 - 00402696 _____ () C:\Users\Colette\Downloads\setup.exe
2014-12-07 14:11 - 2014-12-07 14:11 - 00176315 _____ () C:\Users\Colette\Downloads\HandyNotes-v1.3.2.zip
2014-12-05 17:20 - 2014-12-04 13:08 - 00013315 _____ () C:\Users\Colette\Desktop\Book1.xlsx
2014-11-29 19:13 - 2014-11-29 19:13 - 00001028 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-11-29 19:13 - 2014-11-29 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-11-29 19:09 - 2014-12-03 20:32 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-11-29 10:02 - 2014-11-29 10:02 - 00323128 _____ () C:\Windows\Minidump\Mini112914-01.dmp
2014-11-19 22:23 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 22:23 - 2014-10-23 16:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-16 06:33 - 2014-11-16 06:33 - 00323136 _____ () C:\Windows\Minidump\Mini111614-01.dmp
2014-11-15 00:40 - 2014-11-15 00:40 - 00000000 ____D () C:\Users\Public\Peyonce
2014-11-13 07:46 - 2014-11-13 07:46 - 00001075 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-11-13 07:46 - 2014-11-13 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-11-13 07:44 - 2014-12-07 14:13 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-11-12 14:36 - 2014-10-12 15:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:34 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 14:34 - 2014-08-11 18:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:33 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 14:33 - 2014-10-17 16:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:33 - 2014-10-09 17:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:33 - 2014-10-09 17:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:33 - 2014-10-09 17:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:33 - 2014-10-09 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:33 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:33 - 2014-10-09 15:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:33 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:33 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:33 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:33 - 2014-10-02 17:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:33 - 2014-10-02 17:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:33 - 2014-10-02 17:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:33 - 2014-10-02 17:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:33 - 2014-10-02 17:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:33 - 2014-10-02 15:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 14:22 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:22 - 2014-10-23 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:22 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:22 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:22 - 2014-08-26 16:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:22 - 2014-08-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 15:20 - 2014-10-27 12:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 15:20 - 2014-10-27 12:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 15:20 - 2014-10-27 12:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 15:20 - 2014-10-27 12:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 15:20 - 2014-10-27 12:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 15:20 - 2014-10-27 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 15:20 - 2014-10-27 12:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 15:20 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 15:20 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 15:20 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 15:20 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 15:20 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 15:20 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 15:20 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 15:20 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 15:20 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 15:20 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 15:19 - 2014-10-27 12:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 15:19 - 2014-10-27 12:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 15:19 - 2014-10-27 12:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 15:19 - 2014-10-27 12:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 15:19 - 2014-10-27 12:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 15:19 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 15:19 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 15:19 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 16:28 - 2006-11-02 04:46 - 00777268 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 16:25 - 2006-11-02 07:27 - 01807478 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 16:21 - 2013-09-23 19:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 16:21 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 16:21 - 2006-11-02 07:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 16:21 - 2006-11-02 07:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 16:20 - 2012-12-28 08:55 - 00211618 _____ () C:\Windows\PFRO.log
2014-12-11 16:19 - 2006-11-02 07:42 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 16:01 - 2006-11-02 05:33 - 00000000 __RHD () C:\Users\Default
2014-12-11 15:58 - 2006-11-02 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 15:48 - 2013-09-23 19:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 15:37 - 2012-12-31 11:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 21:41 - 2006-11-02 07:07 - 00000000 ____D () C:\Windows\Performance
2014-12-10 20:30 - 2013-12-25 18:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-10 18:23 - 2013-12-12 07:17 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Malwarebytes
2014-12-10 18:23 - 2013-12-12 07:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-10 18:18 - 2013-01-08 12:38 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 18:04 - 2013-12-25 18:45 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-10 11:51 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-12-10 07:14 - 2013-08-01 17:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:09 - 2006-11-02 04:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 07:05 - 2014-04-27 11:37 - 00000000 ___RD () C:\Users\Colette\Dropbox
2014-12-10 06:19 - 2014-04-27 11:35 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Dropbox
2014-12-10 06:15 - 2014-01-23 19:20 - 348143159 _____ () C:\Windows\MEMORY.DMP
2014-12-09 18:37 - 2012-12-31 11:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 18:37 - 2012-12-31 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 18:37 - 2012-12-31 11:06 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 18:11 - 2014-06-29 07:57 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\TS3Client
2014-12-07 21:11 - 2013-11-07 12:17 - 00000000 ____D () C:\Users\Colette\AppData\Local\Battle.net
2014-12-07 14:14 - 2012-12-28 12:40 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\.minecraft
2014-12-05 23:25 - 2014-03-11 14:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-05 23:11 - 2013-01-23 17:15 - 00000000 ____D () C:\Users\Colette\Documents\Noah school
2014-12-04 15:27 - 2014-06-29 07:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-03 20:29 - 2013-11-11 16:59 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-03 20:25 - 2013-11-07 12:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-29 19:50 - 2014-04-10 07:55 - 00000000 ____D () C:\Users\Colette\Documents\Heroes of the Storm
2014-11-29 10:02 - 2013-08-12 10:18 - 00000000 ____D () C:\Windows\Minidump
2014-11-28 12:18 - 2014-01-23 12:40 - 00000000 ___RD () C:\Users\Colette\Desktop\Video Games
2014-11-22 12:25 - 2013-01-19 22:26 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-11-21 06:14 - 2013-12-12 07:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-15 09:02 - 2014-04-27 11:37 - 00000965 _____ () C:\Users\Colette\Desktop\Dropbox.lnk
2014-11-15 09:02 - 2014-04-27 11:36 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 11:43 - 2013-09-23 19:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 11:43 - 2013-09-23 19:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 06:27 - 2013-12-14 18:03 - 00000000 ____D () C:\Users\Colette\AppData\Local\Akamai
2014-11-12 14:48 - 2006-11-02 07:21 - 02185816 _____ () C:\Windows\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Users\Colette\AppData\Local\temp\Quarantine.exe
C:\Users\Colette\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-11 16:26
==================== End Of Log ============================